FIX updateValidatePassword calls need to be masked from backtraces

This commit is contained in:
Daniel Hensby 2018-07-14 19:30:29 +01:00
parent ab942c9290
commit e37b3b95f4
No known key found for this signature in database
GPG Key ID: D8DEBC4C8E7BC8B9
2 changed files with 46 additions and 1 deletions

View File

@ -45,6 +45,7 @@ class Backtrace
array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'), array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'), array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'), array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
array('*', 'updateValidatePassword'),
); );
/** /**
@ -106,7 +107,10 @@ class Backtrace
$match = false; $match = false;
if (!empty($bt[$i]['class'])) { if (!empty($bt[$i]['class'])) {
foreach ($ignoredArgs as $fnSpec) { foreach ($ignoredArgs as $fnSpec) {
if (is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) { if (is_array($fnSpec) &&
('*' == $fnSpec[0] || $bt[$i]['class'] == $fnSpec[0]) &&
$bt[$i]['function'] == $fnSpec[1]
) {
$match = true; $match = true;
} }
} }

View File

@ -68,4 +68,45 @@ class BacktraceTest extends SapphireTest
$this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions'); $this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions');
$this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions'); $this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
} }
public function testFilteredWildCard()
{
$bt = array(
array(
'type' => '->',
'file' => 'MyFile.php',
'line' => 99,
'function' => 'myIgnoredGlobalFunction',
'args' => array('password' => 'secred',)
),
array(
'class' => 'MyClass',
'type' => '->',
'file' => 'MyFile.php',
'line' => 99,
'function' => 'myIgnoredClassFunction',
'args' => array('password' => 'secred',)
),
array(
'class' => 'MyClass',
'type' => '->',
'file' => 'MyFile.php',
'line' => 99,
'function' => 'myFunction',
'args' => array('myarg' => 'myval')
)
);
Backtrace::config()->update(
'ignore_function_args',
array(
array('*', 'myIgnoredClassFunction'),
)
);
$filtered = Backtrace::filter_backtrace($bt);
$this->assertEquals('secred', $filtered[0]['args']['password']);
$this->assertEquals('<filtered>', $filtered[1]['args']['password']);
$this->assertEquals('myval', $filtered[2]['args']['myarg']);
}
} }